Prompted for key password when key is in ssh-agent












0















In an old shell session, the number of ssh keys in ssh-agent tends to be large enough to fail authentication with the server, simply because the client just throws keys at it, FIFO fashion. It seems to do this even if the IdentityFile directive is specified for the relevant host in ~/.ssh/config.



To remedy that, I added the IdentitiesOnly directive to said file. Now, however, I'm prompted for an ssh key password when I attempt to connect to the server. This, despite the fact that the key is in ssh-agent. When I remove IdentitiesOnly from the configuration file, no prompt is presented and access is granted.



So, my questions is, how can I ensure that the correct key (and no other) is presented to a given server and avoid being prompted for that key's password?






ssh ssh-agent







share|improve this question



























    0















    In an old shell session, the number of ssh keys in ssh-agent tends to be large enough to fail authentication with the server, simply because the client just throws keys at it, FIFO fashion. It seems to do this even if the IdentityFile directive is specified for the relevant host in ~/.ssh/config.



    To remedy that, I added the IdentitiesOnly directive to said file. Now, however, I'm prompted for an ssh key password when I attempt to connect to the server. This, despite the fact that the key is in ssh-agent. When I remove IdentitiesOnly from the configuration file, no prompt is presented and access is granted.



    So, my questions is, how can I ensure that the correct key (and no other) is presented to a given server and avoid being prompted for that key's password?






    ssh ssh-agent







    share|improve this question

























      0












      0








      0








      In an old shell session, the number of ssh keys in ssh-agent tends to be large enough to fail authentication with the server, simply because the client just throws keys at it, FIFO fashion. It seems to do this even if the IdentityFile directive is specified for the relevant host in ~/.ssh/config.



      To remedy that, I added the IdentitiesOnly directive to said file. Now, however, I'm prompted for an ssh key password when I attempt to connect to the server. This, despite the fact that the key is in ssh-agent. When I remove IdentitiesOnly from the configuration file, no prompt is presented and access is granted.



      So, my questions is, how can I ensure that the correct key (and no other) is presented to a given server and avoid being prompted for that key's password?






      ssh ssh-agent







      share|improve this question














      In an old shell session, the number of ssh keys in ssh-agent tends to be large enough to fail authentication with the server, simply because the client just throws keys at it, FIFO fashion. It seems to do this even if the IdentityFile directive is specified for the relevant host in ~/.ssh/config.



      To remedy that, I added the IdentitiesOnly directive to said file. Now, however, I'm prompted for an ssh key password when I attempt to connect to the server. This, despite the fact that the key is in ssh-agent. When I remove IdentitiesOnly from the configuration file, no prompt is presented and access is granted.



      So, my questions is, how can I ensure that the correct key (and no other) is presented to a given server and avoid being prompted for that key's password?






      ssh ssh-agent




      ssh ssh-agent






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 20 at 19:29









      chbchb

      2961416




      2961416






















          1 Answer
          1






          active

          oldest

          votes


















          0














          I came across the solution in this blog post.



          Essentially, the idea is to refer to the public key, not the private key, in the IdentityFile declaration. So the final configuration for host foo would be something like this:



          Host foo
          
    Hostname foo.org
          
    User admin
          
    IdentityFile ~/.ssh/foo.pub
          
    IdentitiesOnly yes





          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1396372%2fprompted-for-key-password-when-key-is-in-ssh-agent%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            I came across the solution in this blog post.



            Essentially, the idea is to refer to the public key, not the private key, in the IdentityFile declaration. So the final configuration for host foo would be something like this:



            Host foo
            
    Hostname foo.org
            
    User admin
            
    IdentityFile ~/.ssh/foo.pub
            
    IdentitiesOnly yes





            share|improve this answer




























              0














              I came across the solution in this blog post.



              Essentially, the idea is to refer to the public key, not the private key, in the IdentityFile declaration. So the final configuration for host foo would be something like this:



              Host foo
              
    Hostname foo.org
              
    User admin
              
    IdentityFile ~/.ssh/foo.pub
              
    IdentitiesOnly yes





              share|improve this answer


























                0












                0








                0







                I came across the solution in this blog post.



                Essentially, the idea is to refer to the public key, not the private key, in the IdentityFile declaration. So the final configuration for host foo would be something like this:



                Host foo
                
    Hostname foo.org
                
    User admin
                
    IdentityFile ~/.ssh/foo.pub
                
    IdentitiesOnly yes





                share|improve this answer













                I came across the solution in this blog post.



                Essentially, the idea is to refer to the public key, not the private key, in the IdentityFile declaration. So the final configuration for host foo would be something like this:



                Host foo
                
    Hostname foo.org
                
    User admin
                
    IdentityFile ~/.ssh/foo.pub
                
    IdentitiesOnly yes






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Feb 10 at 18:46









                chbchb

                2961416




                2961416






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1396372%2fprompted-for-key-password-when-key-is-in-ssh-agent%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Сан-Квентин

                    Image
                    Сан-Квентин Местоположение Сан-Квентин, Калифорния Координаты 37°56′13″ с. ш. 122°29′20″ з. д. H G Я O L Текущий статус Действует Режим безопасности минимальный и максимальный Количество мест 3 302 Открытие Июнь 1852 Находится в ведомстве California Department of Corrections and Rehabilitation Начальник Mike Martel, начальник  Сан-Квентин на Викискладе Сан-Квентин (англ.  San Quentin ) — тюрьма, располагающаяся на 432 акрах (около 1,7 км²), на мысе Сан-Квентин, в округе Марин, штат Калифорния, США. Тюрьма штата Калифорния Сан-Квентин была открыта в июле 1852 года и является старейшей в штате. Она была построена заключёнными, которые проживали в течение строительства на тюремном судне Вабан. В Сан-Квентине отбывали наказание и мужчины, и женщины до 1934 года, когда построили женскую тюрьму в Техачапи и туда перевели всех заключённых женщин. В Сан-Квентине приводятся в исполнение смертные казни, для этого имеется газовая камера, но
                    Read more

                    Алькесар

                    Image
                    Муниципалитет Алькесар Alquézar Герб 42°10′16″ с. ш. 0°01′27″ в. д. H G Я O L Страна Испания   Испания Автономное сообщество Арагон Провинция Уэска Комарка Сомонтано-де-Барбастро Алькальд Хосе Марияно Альтемир Ласкорс (ИСРП) История и география Площадь 32,36 км² Высота НУМ 660 м Часовой пояс UTC+1, летом UTC+2 Население Население 313 человек ( 2010 ) Плотность 9,92 чел./км² Этнохороним alquezarano/-a Цифровые идентификаторы Телефонный код +34 974 Почтовые индексы 22112 Автомобильный код HU alquezar.org   (исп.) Показать/скрыть карты Алькесар Алькесар Алькесар  Аудио, фото и видео на Викискладе Алькесар (исп.  Alquézar ) — муниципалитет в Испании, входит в провинцию Уэска, в составе автономного сообщества Арагон. Муниципалитет находится в составе района (комарки) Сомонтано-де-Барбастро. Занимает площадь 32,36 км². Население — 321 челове
                    Read more

                    Josef Freinademetz

                    Image
                    San Ujöp (Giuseppe/Josef) Freinademetz Josef Freinademetz in abiti cinesi   Religioso e missionario   Nascita 15 aprile 1852 Morte 28 gennaio 1908 Venerato da Chiesa cattolica Beatificazione 1975 Canonizzazione 5 ottobre 2003 Ricorrenza 28 gennaio Manuale Ujöp Freinademetz noto anche come Giuseppe o Josef Freinademetz (Oies, 15 aprile 1852 – Taikia, 28 gennaio 1908) è stato un presbitero austriaco, membro della Società del Verbo Divino, fu missionario in Cina; è venerato come santo dalla Chiesa cattolica. .mw-parser-output .citazione-table{margin-bottom:.5em;font-size:95%}.mw-parser-output .citazione-table td{padding:0 1.2em 0 2.4em}.mw-parser-output .citazione-lang{vertical-align:top}.mw-parser-output .citazione-lang td{width:50%}.mw-parser-output .citazione-lang td:first-child{padding:0 0 0 2.4em}.mw-parser-output .citazione-lang td:nth-child(2){padding:0 1.2em} «Io amo la Cina e i cinesi; voglio morire in mezzo a loro, e tra loro
                    Read more